ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool GoldenEagle

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: GoldenEagle

NamesGoldenEagle
CategoryMalware
TypeReconnaissance, Backdoor, Info stealer, Exfiltration
Description(Lookout) Among the aspects that make GoldenEagle particularly interesting is that the earliest test samples of this family appeared as early as 2012, making it one of the longest-running surveillanceware families we have observed to date. GoldenEagle code has been identified in an impressively large and diverse set of applications over the years. These samples can be divided into two major groups: those that exfiltrate data via HTTP and those that exfiltrate data via SMTP, i.e., by sending exfiltrated data in file attachments of emails to an attacker-controlled mailbox using innocuous-looking subjects and mail body content. The latter technique, while appearing in the early stages of GoldenEagle development, has resurfaced in samples signed and analysed in May 2020.
Information<https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/apk.goldeneagle>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:GoldenEagle>

Last change to this tool card: 23 April 2021

Download this tool card in JSON format

All groups using tool GoldenEagle

ChangedNameCountryObserved

APT groups

 Ke3chang, Vixen Panda, APT 15, GREF, Playful DragonChina2010-May 2020 

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key